HOMETHREATSUAC-0149
APT / THREAT GROUP

UAC-0149

1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encoding to evade detection. The group leverages dynamic DNS services and Cloudflare Workers for their C2 infrastructure.

Threat Analysis

UAC-0149 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases1
SourceMalpedia

Also Known As

UAC-0149

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
UAC-0149 — APT / Threat Group | Threat Intelligence | CTIWATCH.COM